Technical Information
- [<HKLM>\System\CurrentControlSet\Services\SysMain] 'Start' = '00000002'
- %TEMP%\585l5p8acz.bak
- %TEMP%\e733.tmp
- %TEMP%\e762.tmp
- %TEMP%\e783.tmp
- %WINDIR%\dunlogs\2022-09-23_<File name>.exe.log
- from %TEMP%\585l5p8acz.bak to %TEMP%\1478537756